Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

D-Link Router CVE-2021-27342 Vulnerability Writeup - 491

Whtaguy - Posted 4 Years Ago
  • The author is a student at Stanford who is likely living on their own. They needed internet access, so they bought a new router and took the opportunity to hack on it.
  • The Telnet service running on the device has brute-force protection for logins. It is implemented by delaying the response with a call to sleep (3 seconds) before sending the access-denied message back.
  • The issue is that a correct password gets its response in only 0.05 seconds, regardless of how many attempts came before it. This means that the 3 second wait period does not need to be considered! We only need to wait 0.05 seconds to know whether it's the proper password or not.
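
To make the flaw and its fix concrete, here is an added example (not code from the writeup or from the device firmware) that models the failure-only delay next to a hardened handler. The function names, the per-source state, the sample password and the choice to pad every reply are assumptions; only the 0.05 s and 3 s figures come from the summary above.

```c
#include <stdio.h>
#include <string.h>

#define CHECK_MS   50     /* password check time: 0.05 s, as in the writeup */
#define PENALTY_MS 3000   /* failure delay: 3 s, as in the writeup */
#define REFUSED    (-1L)
static const char *STORED_PW = "constructed-secret";  /* constructed sample value */

/* Pattern from the writeup: only a failed login sleeps before the reply.
   Returns the time in ms until the reply is sent. */
long vulnerable_reply_ms(const char *pw) {
    long elapsed = CHECK_MS;
    if (strcmp(pw, STORED_PW) != 0)
        elapsed += PENALTY_MS;          /* sleep(3) on the failure path only */
    return elapsed;
}

/* Hardened handler (hypothetical design): state is kept per source address. */
struct source { long next_allowed_ms; };

/* arrival_ms is the monotonic time the attempt arrives; *ok is set on success.
   Returns ms until the reply, or REFUSED while the source is still penalised. */
long hardened_reply_ms(struct source *s, long arrival_ms, const char *pw, int *ok) {
    *ok = 0;
    if (arrival_ms < s->next_allowed_ms)
        return REFUSED;                 /* the password is never evaluated */
    *ok = (strcmp(pw, STORED_PW) == 0);
    if (!*ok)                           /* penalty holds even if the client hangs up early */
        s->next_allowed_ms = arrival_ms + CHECK_MS + PENALTY_MS;
    return CHECK_MS + PENALTY_MS;       /* identical reply time on both paths */
}

int main(void) {
    struct source src = {0};
    int ok;
    printf("vulnerable: wrong=%ld ms, right=%ld ms\n",
           vulnerable_reply_ms("guess"), vulnerable_reply_ms(STORED_PW));
    long t1 = hardened_reply_ms(&src, 0, "guess", &ok);        /* failed attempt */
    long t2 = hardened_reply_ms(&src, 50, STORED_PW, &ok);     /* early retry */
    long t3 = hardened_reply_ms(&src, 3050, STORED_PW, &ok);   /* after penalty */
    printf("hardened: wrong=%ld ms, early retry=%ld, right=%ld ms ok=%d\n", t1, t2, t3, ok);
    return 0;
}
```

The hardened handler costs legitimate users the full delay on every login; dropping the padding and keeping only the per-source penalty still caps attempts at one per penalty window.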